Equifax, one of America’s three major credit bureaus, said last week that a “cyber security incident” might have exposed the names, Social Security numbers, birth dates and addresses of 143 million Americans. Driver’s license numbers might have also been accessed, the company said.

The breach took place from mid-May through July 2017, according to Equifax.

A patch for the vulnerability, Apache Struts CVE-2017-5638, was released by The Apache Software Foundation in March, Bloomberg reported.

Sen. Mark Warner, D-Virginia, a member of the Banking, Budget and Finance committees and cofounder of the Senate Cybersecurity Caucus, on Wednesday called for an investigation into the data breach.

“The volume and sensitivity of the data potentially involved in this breach raises serious questions about whether firms like Equifax adequately protect the enormous amounts of sensitive data they gather and commercialize,” Warner wrote in a letter addressed to FTC Acting Chairwoman Maureen Ohlhausen.

He called the incident “one of the largest, and potentially most impactful, breaches in recent history.”